authorglewis <glewis@FreeBSD.org>2004-10-16 17:00:27 +0000
committerglewis <glewis@FreeBSD.org>2004-10-16 17:00:27 +0000
commit0b97372ac606caca1b704e1adba01eb9b91b6d43 (patch)
treeb1b9ac7b6f8388d3a70a73eb293c9ca433e6d0a0
parent925d42ed3341e58c52108f5a0673dcdd7cd26bee (diff)
. In the ReadChunk() function, change an assert() to be a "test for a
condition and return NULL". Take account of the NULL in the appropriate place (which is somewhat worrisome in itself since ReadChunk() has always had the possibility of returning NULL). This makes loading a font file a little more resilient to specially crafted font data which can be used, for example, by an applet to crash the browser plugin by triggering the assert(). Such an applet was mentioned on Bugtraq: http://www.securityfocus.com/archive/1/367331/2004-06-26/2004-07-02/0 and can be found at http://www.illegalaccess.org/cms/?q=node/view/9 This change stops the browser plugin from crashing. . Fix some warnings regarding formats in debugging printf's.
-rw-r--r--java/jdk14/files/patch-awt_fontmanager_fontObject.cpp53
-rw-r--r--java/jdk15/files/patch-awt_fontmanager_fontObject.cpp53
-rw-r--r--java/jdk16/files/patch-awt_fontmanager_fontObject.cpp53
3 files changed, 159 insertions, 0 deletions
diff --git a/java/jdk14/files/patch-awt_fontmanager_fontObject.cpp b/java/jdk14/files/patch-awt_fontmanager_fontObject.cpp
new file mode 100644
index 0000000..3efc10e
--- /dev/null
+++ b/java/jdk14/files/patch-awt_fontmanager_fontObject.cpp
@@ -0,0 +1,53 @@
+$FreeBSD$
+
+--- ../../j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp.orig Wed Jul 7 09:33:52 2004
++++ ../../j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp Wed Jul 7 13:26:03 2004
+@@ -416,7 +416,11 @@
+ fUseCount += 1;
+
+ if (length > 0 && fFileSize > 0) {
+- assert(offset < fFileSize);
++ if (offset >= fFileSize) {
++ fUseCount--;
++ return NULL;
++ }
++
+ if ((offset + length) > fFileSize)
+ length = fFileSize - offset;
+
+@@ -431,13 +435,14 @@
+ "fileFontObject::ReadChunk(UInt32,UInt32,void*)\n"
+ );
+ #endif
++ fUseCount--;
+ return NULL;
+ }
+
+ off_t err = lseek(fFile, offset, SEEK_SET);
+ #ifdef DEBUG
+ if (err == (off_t)-1) {
+- fprintf(stderr, "seek(%d) returned %d\n", offset, (int) err);
++ fprintf(stderr, "seek(%ld) returned %d\n", offset, (int) err);
+ }
+ #endif
+
+@@ -448,7 +453,7 @@
+ int tellvalue = lseek(fFile, 0, SEEK_END);
+ #ifdef DEBUG
+ fprintf(stderr,
+- "<%s> of %d, ln %d, rd %d, sz %d, tell %d, err %d\n",
++ "<%s> of %ld, ln %ld, rd %d, sz %ld, tell %d, err %d\n",
+ (char *)fFileName, offset, length, (int)bytesRead,
+ fFileSize, tellvalue, (int) err);
+ #endif
+@@ -1457,7 +1462,9 @@
+ return false;
+ }
+
+- this->ReadChunk(sizeof theHeader, fFontCount * sizeof *offsets, offsets);
++ if (this->ReadChunk(sizeof theHeader, fFontCount * sizeof *offsets, offsets) == NULL) {
++ return false;
++ }
+ for (int i=0; i<fFontCount; i++) {
+ offsets[i] = GET32(offsets[i]);
+ }
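Review bot: The clamp `if ((offset + length) > fFileSize)` that follows the new `offset >= fFileSize` guard in ReadChunk() is still not safe against wrap-around: if both arguments are 32-bit unsigned, as the `ReadChunk(UInt32,UInt32,void*)` debug string suggests, a large `length` taken from font data can make the sum wrap below `fFileSize` and skip the clamp. Since the new guard guarantees `offset < fFileSize` at that point, the subtraction form cannot wrap: `if (length > fFileSize - offset) length = fFileSize - offset;`. The call site at -1457 now checks only for NULL, so a request that was clamped short would presumably still let the `GET32` loop run over all `fFontCount` entries of `offsets`; it would be worth rejecting the file when `fFontCount * sizeof *offsets` does not fit between the header and `fFileSize`. Both functions start and end outside the hunks shown, and the same points apply to the identical jdk15 and jdk16 patch files.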
diff --git a/java/jdk15/files/patch-awt_fontmanager_fontObject.cpp b/java/jdk15/files/patch-awt_fontmanager_fontObject.cpp
new file mode 100644
index 0000000..3efc10e
--- /dev/null
+++ b/java/jdk15/files/patch-awt_fontmanager_fontObject.cpp
@@ -0,0 +1,53 @@
+$FreeBSD$
+
+--- ../../j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp.orig Wed Jul 7 09:33:52 2004
++++ ../../j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp Wed Jul 7 13:26:03 2004
+@@ -416,7 +416,11 @@
+ fUseCount += 1;
+
+ if (length > 0 && fFileSize > 0) {
+- assert(offset < fFileSize);
++ if (offset >= fFileSize) {
++ fUseCount--;
++ return NULL;
++ }
++
+ if ((offset + length) > fFileSize)
+ length = fFileSize - offset;
+
+@@ -431,13 +435,14 @@
+ "fileFontObject::ReadChunk(UInt32,UInt32,void*)\n"
+ );
+ #endif
++ fUseCount--;
+ return NULL;
+ }
+
+ off_t err = lseek(fFile, offset, SEEK_SET);
+ #ifdef DEBUG
+ if (err == (off_t)-1) {
+- fprintf(stderr, "seek(%d) returned %d\n", offset, (int) err);
++ fprintf(stderr, "seek(%ld) returned %d\n", offset, (int) err);
+ }
+ #endif
+
+@@ -448,7 +453,7 @@
+ int tellvalue = lseek(fFile, 0, SEEK_END);
+ #ifdef DEBUG
+ fprintf(stderr,
+- "<%s> of %d, ln %d, rd %d, sz %d, tell %d, err %d\n",
++ "<%s> of %ld, ln %ld, rd %d, sz %ld, tell %d, err %d\n",
+ (char *)fFileName, offset, length, (int)bytesRead,
+ fFileSize, tellvalue, (int) err);
+ #endif
+@@ -1457,7 +1462,9 @@
+ return false;
+ }
+
+- this->ReadChunk(sizeof theHeader, fFontCount * sizeof *offsets, offsets);
++ if (this->ReadChunk(sizeof theHeader, fFontCount * sizeof *offsets, offsets) == NULL) {
++ return false;
++ }
+ for (int i=0; i<fFontCount; i++) {
+ offsets[i] = GET32(offsets[i]);
+ }
diff --git a/java/jdk16/files/patch-awt_fontmanager_fontObject.cpp b/java/jdk16/files/patch-awt_fontmanager_fontObject.cpp
new file mode 100644
index 0000000..3efc10e
--- /dev/null
+++ b/java/jdk16/files/patch-awt_fontmanager_fontObject.cpp
@@ -0,0 +1,53 @@
+$FreeBSD$
+
+--- ../../j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp.orig Wed Jul 7 09:33:52 2004
++++ ../../j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp Wed Jul 7 13:26:03 2004
+@@ -416,7 +416,11 @@
+ fUseCount += 1;
+
+ if (length > 0 && fFileSize > 0) {
+- assert(offset < fFileSize);
++ if (offset >= fFileSize) {
++ fUseCount--;
++ return NULL;
++ }
++
+ if ((offset + length) > fFileSize)
+ length = fFileSize - offset;
+
+@@ -431,13 +435,14 @@
+ "fileFontObject::ReadChunk(UInt32,UInt32,void*)\n"
+ );
+ #endif
++ fUseCount--;
+ return NULL;
+ }
+
+ off_t err = lseek(fFile, offset, SEEK_SET);
+ #ifdef DEBUG
+ if (err == (off_t)-1) {
+- fprintf(stderr, "seek(%d) returned %d\n", offset, (int) err);
++ fprintf(stderr, "seek(%ld) returned %d\n", offset, (int) err);
+ }
+ #endif
+
+@@ -448,7 +453,7 @@
+ int tellvalue = lseek(fFile, 0, SEEK_END);
+ #ifdef DEBUG
+ fprintf(stderr,
+- "<%s> of %d, ln %d, rd %d, sz %d, tell %d, err %d\n",
++ "<%s> of %ld, ln %ld, rd %d, sz %ld, tell %d, err %d\n",
+ (char *)fFileName, offset, length, (int)bytesRead,
+ fFileSize, tellvalue, (int) err);
+ #endif
+@@ -1457,7 +1462,9 @@
+ return false;
+ }
+
+- this->ReadChunk(sizeof theHeader, fFontCount * sizeof *offsets, offsets);
++ if (this->ReadChunk(sizeof theHeader, fFontCount * sizeof *offsets, offsets) == NULL) {
++ return false;
++ }
+ for (int i=0; i<fFontCount; i++) {
+ offsets[i] = GET32(offsets[i]);
+ }